当前位置:Gxlcms > PHP教程 > 求分析个php代码

求分析个php代码

时间:2021-07-01 10:21:17 帮助过:23人阅读

listOptions($actionTaskId); // We will actually store it for use in a second...
            break;

          case "stop": // Stop a specified running Task ID
            $sqlmap->stopScan($actionTaskId);
            break;

          case "kill": // Forcefully Kill a specified running Task ID
            $sqlmap->killScan($actionTaskId);
            break;

          case "del": // Delete a specified running Task ID
            $sqlmap->deleteTaskID($actionTaskId);
            break;

          default: // Do Nothing if nothing is specified...
            break;
        }
      }
    }
  }
?>



  
    SQLMAP Web GUI - Admin Panel
    
    
    
    
    
    
    
  
  
    
SQLMAP Web GUI - Admin Panel"; if(isset($_SESSION['myAdminID'])) { $taskList = $sqlmap->adminListTasks(trim($_SESSION['myAdminID'])); if(!$taskList) { ?>
[WARNING] '' - Appears to be an Invalid Admin ID!


Admin ID:
Total Number of Known Tasks:




'; echo ''; echo '
'; } else { ?> checkScanStatus($t); $taskConfig = $sqlmap->listOptions($t); echo ""; echo ""; if(sizeof($taskConfig) > 0) { $targetHost = parse_url($taskConfig['options']['url'], PHP_URL_HOST); echo ""; } else { echo ""; } if(isset($status['status'])) { echo ""; } else { echo ""; } echo ""; if($status['status'] == 'running') { echo ""; echo ""; } else { echo ""; echo ""; } echo ""; echo ""; } ?>
TaskID Target Status Options
"; echo htmlentities($t, ENT_QUOTES, 'UTF-8'); echo "" . htmlentities($targetHost, ENT_QUOTES, 'UTF-8') . " - " . htmlentities($status['status'], ENT_QUOTES, 'UTF-8') . " - Conf Stop Kill - - Del

[WARNING] NO Admin ID Set!




Logout
Want to learn more about SQLMAP, Visit the Project Page!
SQLMAP Web Operator Copyright © 2015, Coded By: HR, All rights reserved.


这是后台登录首页(index.php)的代码,帐号密码在config.php中写死了,是admin,admin。现在登录后台后,显示[WARNING] NO Admin ID Set!,然后然我输入一串密文token,token密文貌似是

  $salt = "!SQL!";                            // Salt for form token hash generation
  $token = sha1(mt_rand(1, 1000000) . $salt); // Generate CSRF Token Hash
  $_SESSION['token'] = $token;                // Set CSRF Token for Form SubmitVerification

是1-1000000加SALT的sha1加密,然后我在

          [WARNING] NO Admin ID Set!


Admin ID:
Total Number of Known Tasks:




'; echo ''; echo '
'; } else { ?> checkScanStatus($t); $taskConfig = $sqlmap->listOptions($t); echo ""; echo ""; if(sizeof($taskConfig) > 0) { $targetHost = parse_url($taskConfig['options']['url'], PHP_URL_HOST); echo ""; } else { echo ""; } if(isset($status['status'])) { echo ""; } else { echo ""; } echo ""; if($status['status'] == 'running') { echo ""; echo ""; } else { echo ""; echo ""; } echo ""; echo ""; } ?>
TaskID Target Status Options
"; echo htmlentities($t, ENT_QUOTES, 'UTF-8'); echo "" . htmlentities($targetHost, ENT_QUOTES, 'UTF-8') . " - " . htmlentities($status['status'], ENT_QUOTES, 'UTF-8') . " - Conf Stop Kill - - Del

[WARNING] NO Admin ID Set!




Logout
Want to learn more about SQLMAP, Visit the Project Page!
SQLMAP Web Operator Copyright © 2015, Coded By: HR, All rights reserved.


这是后台登录首页(index.php)的代码,帐号密码在config.php中写死了,是admin,admin。现在登录后台后,显示[WARNING] NO Admin ID Set!,然后然我输入一串密文token,token密文貌似是

  $salt = "!SQL!";                            // Salt for form token hash generation
  $token = sha1(mt_rand(1, 1000000) . $salt); // Generate CSRF Token Hash
  $_SESSION['token'] = $token;                // Set CSRF Token for Form SubmitVerification

是1-1000000加SALT的sha1加密,然后我在

          [WARNING] NO Admin ID Set!

看到了输出token的语句,在前台查看源代码后,把密文输入,但是还是不行。求解,怎么才能过去?谢谢!!

你通过POST传递 myAdminID,但问题是你自己输入的myAdminID是应该怎么产生的?

那个token是防止CSRF的,不是用来产生myAdminID的,至于myAdminID应该怎么产生,你应该看看这段代码:

$sqlmap->adminListTasks(trim($_SESSION['myAdminID']));

人气教程排行